author | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-06-18 02:08:59 -0400 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-06-18 02:08:59 -0400 |
commit | 34cecd4762e364ade049c455997051ca55663b6f (patch) | |
tree | 502182256e773704ca238da3e0b47934a8f495ce /go/parabola_hackers/nslcd_backend | |
parent | 374539da4c9e1b4ea5ca889771ce89b27b119f48 (diff) |
update to use the mutable strings in nslcd_proto
Diffstat (limited to 'go/parabola_hackers/nslcd_backend')
-rw-r--r-- | go/parabola_hackers/nslcd_backend/db_config.go | 2 | ||||
-rw-r--r-- | go/parabola_hackers/nslcd_backend/db_group.go | 35 | ||||
-rw-r--r-- | go/parabola_hackers/nslcd_backend/db_pam.go | 55 | ||||
-rw-r--r-- | go/parabola_hackers/nslcd_backend/db_passwd.go | 8 | ||||
-rw-r--r-- | go/parabola_hackers/nslcd_backend/db_shadow.go | 2 | ||||
-rw-r--r-- | go/parabola_hackers/nslcd_backend/hackers.go | 9 |
6 files changed, 61 insertions, 50 deletions
diff --git a/go/parabola_hackers/nslcd_backend/db_config.go b/go/parabola_hackers/nslcd_backend/db_config.go index e78643b..281b058 100644 --- a/go/parabola_hackers/nslcd_backend/db_config.go +++ b/go/parabola_hackers/nslcd_backend/db_config.go @@ -32,7 +32,7 @@ func (o *Hackers) Config_Get(cred s.Ucred, req p.Request_Config_Get) <-chan p.Co switch req.Key { case p.NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE: if o.cfg.Pam_password_prohibit_message != "" { - ret <- p.Config{Value: o.cfg.Pam_password_prohibit_message} + ret <- p.Config{Value: p.String(o.cfg.Pam_password_prohibit_message)} } } }() diff --git a/go/parabola_hackers/nslcd_backend/db_group.go b/go/parabola_hackers/nslcd_backend/db_group.go index 18e54b1..caced21 100644 --- a/go/parabola_hackers/nslcd_backend/db_group.go +++ b/go/parabola_hackers/nslcd_backend/db_group.go @@ -17,12 +17,21 @@ package hackers_nslcd_backend import ( - "parabola_hackers" s "syscall" p "lukeshu.com/git/go/libnslcd.git/proto" ) +func set2list(set map[string]bool) []p.String { + list := make([]p.String, len(set)) + i := uint(0) + for item, _ := range set { + list[i] = p.String(item) + i++ + } + return list +} + func (o *Hackers) groupByName(name string, users bool) p.Group { members_set, found := o.groups[name] if !found { @@ -32,15 +41,15 @@ func (o *Hackers) groupByName(name string, users bool) p.Group { if gid < 0 { return p.Group{ID: -1} } - var members_list []string + var members_list []p.String if users { - members_list = parabola_hackers.Set2list(members_set) + members_list = set2list(members_set) } else { - members_list = make([]string, 0) + members_list = make([]p.String, 0) } return p.Group{ - Name: name, - PwHash: "x", + Name: p.String(name), + PwHash: p.String("x"), ID: gid, Members: members_list, } 
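Review bot: The new `set2list` helper in db_group.go has no doc comment, and its result order follows Go's randomized map iteration, so the `Members` list built by `groupByName` and `groupByGid` can differ between two identical lookups. I would document that with `// set2list returns the keys of set as p.String values, in unspecified order.` The loop header can also drop the blank identifier, `for item := range set {`, and a plain `i := 0` is enough for the index.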
@@ -55,15 +64,15 @@ func (o *Hackers) groupByGid(gid int32, users bool) p.Group { if !found { return p.Group{ID: -1} } - var members_list []string + var members_list []p.String if users { - members_list = parabola_hackers.Set2list(members_set) + members_list = set2list(members_set) } else { - members_list = make([]string, 0) + members_list = make([]p.String, 0) } return p.Group{ - Name: name, - PwHash: "x", + Name: p.String(name), + PwHash: p.String("x"), ID: gid, Members: members_list, } @@ -76,7 +85,7 @@ func (o *Hackers) Group_ByName(cred s.Ucred, req p.Request_Group_ByName) <-chan defer o.lock.RUnlock() defer close(ret) - group := o.groupByName(req.Name, true) + group := o.groupByName(string(req.Name), true) if group.ID < 0 { return } @@ -109,7 +118,7 @@ func (o *Hackers) Group_ByMember(cred s.Ucred, req p.Request_Group_ByMember) <-c defer o.lock.RUnlock() defer close(ret) - uid := o.name2uid(req.Member) + uid := o.name2uid(string(req.Member)) if uid < 0 { return } diff --git a/go/parabola_hackers/nslcd_backend/db_pam.go b/go/parabola_hackers/nslcd_backend/db_pam.go index 607c550..e20a63f 100644 --- a/go/parabola_hackers/nslcd_backend/db_pam.go +++ b/go/parabola_hackers/nslcd_backend/db_pam.go @@ -18,6 +18,7 @@ package hackers_nslcd_backend import ( "fmt" + "os" "parabola_hackers" s "syscall" @@ -26,12 +27,12 @@ import ( "lukeshu.com/git/go/libsystemd.git/sd_daemon/logger" ) -func checkPassword(password string, hash string) bool { - return crypt.Crypt(password, hash) == hash +func checkPassword(password p.String, hash p.String) bool { + return crypt.Crypt(string(password), string(hash)) == string(hash) } -func hashPassword(newPassword string, oldHash string) string { - salt := oldHash +func hashPassword(newPassword p.String, oldHash p.String) p.String { + salt := string(oldHash) if salt == "!" { str, err := parabola_hackers.RandomString(crypt.SaltAlphabet, 8) if err != nil { 
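Review bot: The `"os"` import added to db_pam.go is not referenced by any added line in this file's hunks, and their changed-line count matches the 55 in the diffstat, so no other hunk appears to be hidden. The old file had no `os` import, so nothing outside the hunks should use it either, and Go rejects an unused import at compile time. Drop the line unless a use of `os` is added in the same change.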
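Review bot: `checkPassword` compares the crypt output with `==`, which is not a constant-time comparison, and it never checks that `crypt.Crypt` actually produced a hash. The PAM_PwMod hunk treats an empty hash as "Password hashing failed", so if `crypt.Crypt` can return an empty string on failure, an account whose stored hash is empty would match any password. I would write `got := crypt.Crypt(string(password), string(hash))` followed by `return got != "" && subtle.ConstantTimeCompare([]byte(got), []byte(hash)) == 1`, which needs `crypto/subtle` in the import block. Note also that `string(password)` copies the secret into an immutable Go string; if `p.String` is a byte-slice type meant to be wiped after use (its definition is not shown here), that copy cannot be cleared.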
@@ -40,7 +41,7 @@ func hashPassword(newPassword string, oldHash string) string { } salt = "$6$" + str + "$" } - return crypt.Crypt(newPassword, salt) + return p.String(crypt.Crypt(string(newPassword), salt)) } func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authentication) <-chan p.PAM_Authentication { @@ -50,17 +51,17 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat defer o.lock.RUnlock() defer close(ret) - if req.UserName == "" && req.Password == "" && cred.Uid == 0 { + if len(req.UserName) == 0 && len(req.Password) == 0 && cred.Uid == 0 { ret <- p.PAM_Authentication{ AuthenticationResult: p.NSLCD_PAM_SUCCESS, - UserName: "", + UserName: p.String(""), AuthorizationResult: p.NSLCD_PAM_SUCCESS, - AuthorizationError: "", + AuthorizationError: p.String(""), } return } - uid := o.name2uid(req.UserName) + uid := o.name2uid(string(req.UserName)) if uid < 0 { return } @@ -68,9 +69,9 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat user := o.users[uid] obj := p.PAM_Authentication{ AuthenticationResult: p.NSLCD_PAM_AUTH_ERR, - UserName: "", + UserName: p.String(""), AuthorizationResult: p.NSLCD_PAM_AUTH_ERR, - AuthorizationError: "", + AuthorizationError: p.String(""), } if checkPassword(req.Password, user.Passwd.PwHash) { obj.AuthenticationResult = p.NSLCD_PAM_SUCCESS @@ -89,13 +90,13 @@ func (o *Hackers) PAM_Authorization(cred s.Ucred, req p.Request_PAM_Authorizatio defer o.lock.RUnlock() defer close(ret) - uid := o.name2uid(req.UserName) + uid := o.name2uid(string(req.UserName)) if uid < 0 { return } ret <- p.PAM_Authorization{ Result: p.NSLCD_PAM_SUCCESS, - Error: "", + Error: p.String(""), } }() return ret @@ -112,7 +113,7 @@ func (o *Hackers) PAM_SessionOpen(cred s.Ucred, req p.Request_PAM_SessionOpen) < if err != nil { return } - ret <- p.PAM_SessionOpen{SessionID: sessionid} + ret <- p.PAM_SessionOpen{SessionID: p.String(sessionid)} }() return ret } 
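Review bot: `hashPassword` builds a fresh `"$6$" + str + "$"` setting only inside the `if salt == "!"` branch whose tail is visible here. In every other case the old hash is passed to `crypt.Crypt` as the setting, so a changed password keeps the previous salt and the previous hash scheme. A new random salt on each password change is the safer default. I would remove the `if salt == "!"` condition and always build the `$6$` setting from `parabola_hackers.RandomString(crypt.SaltAlphabet, 8)`. The function starts in the previous hunk, and the error branch for `RandomString` is outside both hunks.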
@@ -130,7 +131,7 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ defer close(ret) defer o.lock.Unlock() - uid := o.name2uid(req.UserName) + uid := o.name2uid(string(req.UserName)) if uid < 0 { return } @@ -138,20 +139,20 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ // Check the OldPassword if req.AsRoot == 1 && cred.Uid == 0 { - // bypass the password check - } else { - if !checkPassword(req.OldPassword, user.Passwd.PwHash) { - ret <- p.PAM_PwMod{ - Result: p.NSLCD_PAM_PERM_DENIED, - Error: fmt.Sprintf("password change failed: %s", "Old password did not match"), - } - return + goto update + } + if !checkPassword(req.OldPassword, user.Passwd.PwHash) { + ret <- p.PAM_PwMod{ + Result: p.NSLCD_PAM_PERM_DENIED, + Error: p.String(fmt.Sprintf("password change failed: %s", "Old password did not match")), } + return } + update: // Update the PwHash in memory user.Passwd.PwHash = hashPassword(req.NewPassword, user.Passwd.PwHash) - if user.Passwd.PwHash == "" { + if len(user.Passwd.PwHash) == 0 { logger.Err("Password hashing failed") return } @@ -159,9 +160,9 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ // Update the PwHash on disk passwords := make(map[string]string, len(o.users)) for _, ouser := range o.users { - passwords[ouser.Passwd.Name] = ouser.Passwd.PwHash + passwords[string(ouser.Passwd.Name)] = string(ouser.Passwd.PwHash) } - passwords[user.Passwd.Name] = user.Passwd.PwHash + passwords[string(user.Passwd.Name)] = string(user.Passwd.PwHash) err := parabola_hackers.SaveAllPasswords(passwords) if err != nil { logger.Err("Writing passwords to disk: %v", err) @@ -172,7 +173,7 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ o.users[uid] = user ret <- p.PAM_PwMod{ Result: p.NSLCD_PAM_SUCCESS, - Error: "", + Error: p.String(""), } }() return ret 
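Review bot: The `NSLCD_PAM_PERM_DENIED` branch of PAM_PwMod returns without any `logger` call, so a failed old-password check leaves no audit trail, while the hashing and disk-write failures next to it are logged. I would log the user name and `cred.Uid` (never the passwords) before the `ret <-` send. Separately, the `goto update` / `update:` pair makes the root bypass harder to audit than one condition: `if !(req.AsRoot == 1 && cred.Uid == 0) && !checkPassword(req.OldPassword, user.Passwd.PwHash) {` expresses the same rule without a label. The function body starts and ends outside this hunk.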
diff --git a/go/parabola_hackers/nslcd_backend/db_passwd.go b/go/parabola_hackers/nslcd_backend/db_passwd.go index 3f32ddd..7bac808 100644 --- a/go/parabola_hackers/nslcd_backend/db_passwd.go +++ b/go/parabola_hackers/nslcd_backend/db_passwd.go @@ -36,12 +36,12 @@ func (o *Hackers) Passwd_ByName(cred s.Ucred, req p.Request_Passwd_ByName) <-cha defer o.lock.RUnlock() defer close(ret) - uid := o.name2uid(req.Name) + uid := o.name2uid(string(req.Name)) if uid < 0 { return } passwd := o.users[uid].Passwd - passwd.PwHash = "x" // only put actual hashes in the Shadow DB + passwd.PwHash = p.String("x") // only put actual hashes in the Shadow DB ret <- passwd }() return ret @@ -59,7 +59,7 @@ func (o *Hackers) Passwd_ByUID(cred s.Ucred, req p.Request_Passwd_ByUID) <-chan return } passwd := user.Passwd - passwd.PwHash = "x" // only put actual hashes in the Shadow DB + passwd.PwHash = p.String("x") // only put actual hashes in the Shadow DB ret <- passwd }() return ret @@ -74,7 +74,7 @@ func (o *Hackers) Passwd_All(cred s.Ucred, req p.Request_Passwd_All) <-chan p.Pa for _, user := range o.users { passwd := user.Passwd - passwd.PwHash = "x" // only put actual hashes in the Shadow DB + passwd.PwHash = p.String("x") // only put actual hashes in the Shadow DB ret <- passwd } }() diff --git a/go/parabola_hackers/nslcd_backend/db_shadow.go b/go/parabola_hackers/nslcd_backend/db_shadow.go index abfff28..db114d8 100644 --- a/go/parabola_hackers/nslcd_backend/db_shadow.go +++ b/go/parabola_hackers/nslcd_backend/db_shadow.go @@ -32,7 +32,7 @@ func (o *Hackers) Shadow_ByName(cred s.Ucred, req p.Request_Shadow_ByName) <-cha if cred.Uid != 0 { return } - uid := o.name2uid(req.Name) + uid := o.name2uid(string(req.Name)) user := o.users[uid] ret <- p.Shadow{ Name: user.Passwd.Name, diff --git a/go/parabola_hackers/nslcd_backend/hackers.go b/go/parabola_hackers/nslcd_backend/hackers.go index bb03862..c436824 100644 --- a/go/parabola_hackers/nslcd_backend/hackers.go 
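Review bot: `Shadow_ByName` in db_shadow.go uses the result of `o.name2uid(string(req.Name))` without the `uid < 0` check that the other lookups touched by this commit perform. For an unknown name it therefore indexes `o.users` with a negative uid. If `o.users` is a map, as the `range` and assignment in Reload suggest, the root caller then receives a zero-value user rendered as a `p.Shadow` entry instead of an empty result. Add `if uid < 0 { return }` directly after the lookup. The function body continues outside the hunk.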
+++ b/go/parabola_hackers/nslcd_backend/hackers.go @@ -22,6 +22,7 @@ import ( "parabola_hackers" "sync" + p "lukeshu.com/git/go/libnslcd.git/proto" nslcd_server "lukeshu.com/git/go/libnslcd.git/proto/server" nslcd_systemd "lukeshu.com/git/go/libnslcd.git/systemd" "lukeshu.com/git/go/libsystemd.git/sd_daemon/logger" @@ -90,14 +91,14 @@ func (o *Hackers) Reload() error { o.groups = make(map[string]map[string]bool) for uid, user := range o.users { user.Passwd.GID = usersGid - hash, hasHash := passwords[user.Passwd.Name] + hash, hasHash := passwords[string(user.Passwd.Name)] if !hasHash { hash = "!" } - user.Passwd.PwHash = hash + user.Passwd.PwHash = p.String(hash) o.users[uid] = user for _, groupname := range user.Groups { - o.add_user_to_group(user.Passwd.Name, groupname) + o.add_user_to_group(string(user.Passwd.Name), groupname) } } return nil @@ -105,7 +106,7 @@ func (o *Hackers) Reload() error { func (o *Hackers) name2uid(name string) int32 { for uid, data := range o.users { - if data.Passwd.Name == name { + if string(data.Passwd.Name) == name { return uid } } |